CVE-2019-14965
CRITICALFrappe Framework 10.0.0-12.0.3 - Server-Side Template Injection
Title source: llmDescription
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
References (6)
Core 6
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8045
Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8046
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8047
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4
Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/releases/tag/v12.0.4
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8044
Scores
CVSS v3
9.8
EPSS
0.0257
EPSS Percentile
83.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
frappe/frappe
10.0.0 - 12.0.4
Published
Aug 12, 2019
Tracked Since
Feb 18, 2026